I'm building a contact us page that also uses a reCaptcha, but im having a few issues with it. I fill in all of the fields in the contact form and the correct reCaptcha words, but the form does not submit. I'm assuming this is something to do with the validation, but wondered if someone might be able to spot where i'm going wrong?
The PHP code at the top of my page looks like this;
<?php include('includes/session.php');
$err = '';
$success = '';
if(isset($_POST["docontact"]) && $_POST["docontact"] == "yes") {
//get form details
$form = new stdClass();
$form->name = sanitizeOne($_POST["name"], "str");
$form->email = sanitizeOne($_POST["email"], "str");
$form->phone = sanitizeOne($_POST["phone"], "str");
$form->mysevenprog = sanitizeOne($_POST["mysevenprog"], "str");
$form->enquiry = sanitizeOne($_POST["enquiry"], "str");
$form->howfindsite = sanitizeOne($_POST["howfindsite"], "str");
//Check for errors (required: name, email, enquiry)
if($form->name == "") {
$err .= '<p class="warning">Please enter your name!</p>';
}
if($form->email == "") {
$err .= '<p class="warning">Please enter your email address!</p>';
}
if($form->enquiry == "") {
$err .= '<p class="warning">Please supply an enquiry message!</p>';
}
//Send Email
if($err == "") {
$mailer = new BlueMailer();
$mailer->AddAddress(Configuration::getVar("developer_email"), Configuration::getVar("admin_email_name"));
include('templates/email/contact-us-admin.php');
if(!$mailer->Send()) {
$err .= "<p>There was an error sending submitting your request!, Please try again later.";
} else {
$success = 'thanks';
}
}
} else {
//Initialise empty variables
$form = new stdClass();
$form->name = "";
$form->email = "";
$form->phone = "";
$form->mysevenprog = "";
$form->enquiry = "";
$form->howfindsite = "";
}
?>
And then in the body of my page I have the form as follows;
<?php if($err != "") : ?>
<div class="error">
<?php echo $err; ?>
</div>
<?php endif; ?>
<?php if($success == 'thanks') : ?>
<h3>Thank you for your enquiry</h3>
<p>Your enquiry has been successfully sent. Someone will contact you shortly.</p>
<?php else: ?>
<h3>If you are looking to advertise with us, have some feedback about some of our programming or want to say 'Hi' please use the fields below</h3>
<form name="contactus" id="contactus" method="post" action="<?php echo $_SERVER['SCRIPT_NAME'] ?>">
<ul>
<li><label for="name">Your name: *</label> <input name="name" id="name" class="textbox" style="width: 75%;" type="text" value="<?php echo $form->name ?>" /></li>
<li><label for="email">Email address: *</label> <input name="email" id="email" class="textbox" style="width: 75%;" type="text" value="<?php echo $form->email ?>" /></li>
<li><label for="phone">Telephone:</label> <input name="phone" id="phone" class="textbox" style="width: 75%;" type="text" value="<?php echo $form->phone ?>" /></li>
<li><label for="mysevenprog">My Seven programme</label> <input name="mysevenprog" class="textbox" style="width: 75%;" type="text" value="<?php echo $form->mysevenprog ?>" /></li>
<li><label for="enquiry">Enquiry/Message: *</label> <textarea name="enquiry" class="textarea" rows="5" cols="30" style="width: 75%;" id="enquiry"><?php echo $form->enquiry ?></textarea></li>
<li><label for="howfindsite">How did you find out about our site?</label> <input name="howfindsite" id="howfindsite" class="textbox" style="width: 75%;" type="text" value="<?php echo $form->howfindsite ?>" /></li>
<li>
<?php
require_once('recaptchalib.php');
// Get a key from http://recaptcha.net/api/getkey
$publickey = "";
$privatekey = "";
# the response from reCAPTCHA
$resp = null;
# the error code from reCAPTCHA, if any
$error = null;
# was there a reCAPTCHA response?
if ($_POST["recaptcha_response_field"]) {
$resp = recaptcha_check_answer ($privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);
if ($resp->is_valid) {
echo "You got it!";
} else {
# set the error code so that we can display it
$error = $resp->error;
}
}
echo recaptcha_get_html($publickey, $error);
?>
</li>
<li><input type="submit" value="Submit Form" class="button" /></li>
</ul>
<input type="hidden" name="docontact" value="yes" />
</form>
<?php endif; ?>
The form gets rendered like this in the browser;
<form name="contactus" id="contactus" method="post" action="/contact-us2.php">
<ul>
<li><label for="name">Your name: *</label> <input name="name" id="name" class="textbox" style="width: 75%;" type="text" value="" /></li>
<li><label for="email">Email address: *</label> <input name="email" id="email" class="textbox" style="width: 75%;" type="text" value="" /></li>
<li><label for="phone">Telephone:</label> <input name="phone" id="phone" class="textbox" style="width: 75%;" type="text" value="" /></li>
<li><label for="mysevenprog">My Seven programme</label> <input name="mysevenprog" class="textbox" style="width: 75%;" type="text" value="" /></li>
<li><label for="enquiry">Enquiry/Message: *</label> <textarea name="enquiry" class="textarea" rows="5" cols="30" style="width: 75%;" id="enquiry"></textarea></li>
<li><label for="howfindsite">How did you find out about our site?</label> <input name="howfindsite" id="howfindsite" class="textbox" style="width: 75%;" type="text" value="" /></li>
<li>
<script type="text/javascript" src="http://api.recaptcha.net/challenge?k=XXXXXXXXXXXXXXXXXXX"></script>
<noscript>
<iframe src="http://api.recaptcha.net/noscript?k=XXXXXXXXXXXXXXXXXXXX" height="300" width="500" frameborder="0"></iframe><br/>
<textarea name="recaptcha_challenge_field" rows="3" cols="40"></textarea>
<input type="hidden" name="recaptcha_response_field" value="manual_challenge"/>
</noscript>
</li>
<li><input type="submit" value="Submit Form" class="button" /></li>
</ul>
<input type="hidden" name="docontact" value="yes" />
</form>
Just use Zend_Service_ReCaptcha. You'll integrate this service just with few lines:
//Creating instance
$recaptcha = new Zend_Service_ReCaptcha($pubKey, $privKey);
//Display output
echo $recaptcha->getHTML();
//Handling input
$result = $recaptcha->verify(
$_POST['recaptcha_challenge_field'],
$_POST['recaptcha_response_field']
);
//And finally validate captcha
if ($result->isValid()) {
//Cool!
}
Take a look at Using reCAPTCHA to stop spam in PHP.
Related
The landing page has form but it is not submitting and not redirecting to the next page.After submitting the form, it stays on the same page.
It was alright and was working before but I cant figure out where is the problem.
Code in formPage.php is below:
<form action="insert.php" enctype="multipart/form-data" class="contact_form" method="post" name="htmlform" >
<input class="frm-input" name="name" type="text" size="30" maxlength="50" placeholder="Enter Name" required="required" />
<input class="frm-input" name="email" type="text" size="30" maxlength="80" placeholder="Enter Email" required="required"/>
<input class="frm-input" name="jobtype" type="text" size="30" maxlength="30" placeholder="Job Type" required="required"/>
<input class="frm-input" name="ent_type" type="text" size="30" maxlength="80" placeholder="Entity Type" required="required"/>
<input class="frm-input" name="tas_out" type="text" size="30" maxlength="80" placeholder="Task Outline" required="required"/>
<input class="frm-input" name="l_st" type="text" size="30" maxlength="80" placeholder="Logo style of interest (optional)" />
<textarea required="required" class="frm-input frm-txtarea" name="message" placeholder="Task Description!!" maxlength="1000" cols="25" rows="6" ></textarea>
<input style="float: left;" type="file" name="image" size="66"/>
<input type="submit" class="btn btn-success btn-lg" name="submitt" value="submit" style="float: right" />
</form>
In this file I am trying to get the form information and storing them in database.But this page is not loading after the form submission.
Code in insert.php is below:
<?php
/*
$name = "";
$text = "";
$post = "";
*/
//echo $name;
if (isset($_POST['submitt']))
{
$name = $_POST["name"];
$mail = $_POST["email"];
$j_type = $_POST["jobtype"];
$e_type = $_POST["ent_type"];
$task = $_POST["tas_out"];
$l_st = $_POST["l_st"];
$task_des = $_POST["message"];
$image_name=$_FILES['image']['name'];
$image_type=$_FILES['image']['type'];
$image_size=$_FILES['image']['size'];
$image_temp=$_FILES['image']['tmp_name'];
//$date = date(m-d-y);
echo $name;
echo $mail;
echo $j_type;
echo $e_type;
echo $task;
echo $l_st;
echo $task_des;
if ($image_type=='image/jpeg' || $image_type=='image/png' || $image_type=='image/gif') {
move_uploaded_file($image_temp, "img/$image_name");
}
$connection=mysqli_connect("localhost", "root", "","com");
$query="insert into details (name, mail, j_type, e_type, task_outline, l_style, task_desc, image) values('".$name."','".$mail."','".$j_type."','".$e_type."','".$task."','".$l_st."','".$task_des."','".$image_name."')";
if(mysqli_query($connection,$query)){
//include('test.php');
echo '<h2>Data submitted successfully!!</h2>';
header("refresh:1; url=login.php");
//echo 'Back';
}else{
echo "Data not Submitted!";
# code...
}
}
echo "Data not Submitted!";
?>
echo "Data not Submitted!"; // put this line inside the last bracket
Sorry it was my fault,there was a typo mistake in the form action.Everything else is fine.
I tried to use the method from this question, but it didn't work for me.
I always get this error after submiting form:
Fatal error: Cannot use object of type JInput as array in contact.php line 76...
Line 76 looks like this:
$res = $dispatcher->trigger('onCheckAnswer',$post['recaptcha_response_field']);
My contact form:
<div id="contact">
<div id="message"></div>
<form method="post" action="<?php
echo JURI::root() ?>modules/module/tmpl/form/contact.php" name="contactform" id="contactform">
<fieldset>
<input name="name" type="text" id="name" size="30" value="" placeholder="<?php
echo $params->get('contactname'); ?>" onfocus="this.placeholder = ''" onblur="this.placeholder = '<?php
echo $params->get('contactname'); ?>'"/>
<br />
<textarea style="width: 275px;" name="comments" cols="40" rows="3" id="comments" style="width: 350px;" placeholder="<?php
echo $params->get('contactcomment'); ?>" onfocus="this.placeholder = ''" onblur="this.placeholder = '<?php
echo $params->get('contactcomment'); ?>'"></textarea>
<br />
<br />
<?php
JPluginHelper::importPlugin('captcha');
$dispatcher = JDispatcher::getInstance();
$dispatcher->trigger('onInit','recaptcha');
?>
<div id="recaptcha"></div>
<input type="submit" class="submit" id="submit" value="<?php
echo $params->get('contactbutton'); ?>" />
</fieldset>
</form>
</div>
I added this to contact.php
$post = JFactory::getApplication()->input->post;
$dispatcher = JEventDispatcher::getInstance();
JPluginHelper::importPlugin('captcha');
$res = $dispatcher->trigger('onCheckAnswer',$post['recaptcha_response_field']);
if(!$res[0]){
die('<div class="error_message">' . $errorcomments . '</div>');
}
Instead of
JFactory::getApplication()->input->post;
Try
JRequest::get('post');
I am trying to create error messages if certain conditions aren't met. So the user fills out a form and if a field is empty or doesn't pass my validation it returns the error message.
This is the form:
if (isset($_POST)) {
if (checkEmail($email) == TRUE && $name != NULL && $surName != NULL) {
mysql_query( "INSERT INTO USR_INFO (NAME, MAIL, SURNAME)
VALUES ('$name', '$email','$surName') ") or die(mysql_error());
header('Location: thanks.php');
}
else {
echo'<form action="<?php echo $_SERVER[\'PHP_SELF\']; ?>" method="POST">
<label for="name">First Name</label>
<input type="text" name="name" id="name" value="' .$_POST['name'].'" />
<span class="required">*</span>
<label for="surName">Last Name</label>
<input type="text" name="surName" id="surName" value="' .$_POST['surName']. '" />
<span class="required">*</span>
<label for="email">E-mail</label>
<input type="email" id="email" name="email" placeholder="example#domain.com" value="' .$_POST['email']. '" />
<span class="required">*</span>
<input type="submit" name="submit" id="submit">
</form>';
}
} else {
echo'<form action="<?php echo $_SERVER[\'PHP_SELF\']; ?>" method="POST">
<label for="name">First Name</label>
<input type="text" name="name" id="name" value="" />
<span class="required">*</span>
<label for="surName">Last Name</label>
<input type="text" name="surName" id="surName" value="" />
<span class="required">*</span>
<label for="email">E-mail</label>
<input type="email" id="email" name="email" placeholder="example#domain.com" value="" />
<span class="required">*</span>
<input type="submit" name="submit" id="submit">
</form>';
}
So what I tried is adding an array to display the error messages like so:
$errorMessage = array();
And add this to the html form field with the proper message:
$error[] = "Error Message";
Now what I am stuck with is that I want to have the error show only if a user doesn't meet the conditions
if ($name == NULL) {$error[] = "Error Message";}
if ($surName == NULL) {$error[] = "Error Message 2";}
if (checkEmail($email) == FALSE || NULL) {$error[] = "Error Message 3";}
But I can't make it work. When I tried to implement this logic it will parse the page fine and the validation works as well but the error messages wont show up if I leave a required field blank. My guess is that I didn't loop through it properly.
Help is much appreciated!
EDIT:
I tried the answer that was posted by Frosty Z and this is what I have at the moment:
if (isset($_POST)) {
$errorMessage = array();
if ($name == '') { $errors[] = "Input name please." }
if ($surName == '') { $errors[] = "Input last name please." }
if (!checkEmail($email)) { $errors[] = "Email address not valid." }
if (count($error) == 0) {
mysql_query( "INSERT INTO USR_INFO (NAME, MAIL, SURNAME)
VALUES ('$name', '$email', '$surName') ") or die(mysql_error());
header('Location: thanks.php');
exit;
else {
if (count($errors) > 0)
echo "<p>Sorry, there are problems with the information you have provided:</p>";
foreach($errors as $error)
echo '<p class="error">'.$error.'</p>';
echo'<form action="<?php echo $_SERVER[\'PHP_SELF\']; ?>" method="POST">
<label for="name">Name</label>
<input type="text" name="name" id="name" value="' .$_POST['name'].'" />
<span class="required">*</span>
<label for="surName">Last name</label>
<input type="text" name="surName" id="surName" value="' .$_POST['surName']. '" />
<span class="required">*</span>
<label for="email">E-mail</label>
<input type="email" id="email" name="email" placeholder="example#domain.com" value="' .$_POST['email']. '" />
<span class="required">*</span>
<input type="submit" name="submit" id="submit">
</form>';
}
} else {
echo'<form action="<?php echo $_SERVER[\'PHP_SELF\']; ?>" method="POST">
<label for="name">Name</label>
<input type="text" name="name" id="name" value="" />
<span class="required">*</span>
<label for="surName">Achternaam</label>
<input type="text" name="surName" id="surName" value="" />
<span class="required">*</span>
<label for="email">E-mail</label>
<input type="email" id="email" name="email" placeholder="example#domain.com" value="" />
<span class="required">*</span>
<input type="submit" name="submit" id="submit">
</form>';
}
With this my page won't be parsed. I have error reporting on but it doesn't show anything besides a
Internal server error 500
in my console log(Firebug)
Here is some rewriting of your work with a minimal handling of error messages.
BTW, you should consider adopting a decent PHP framework which will help you to handle a lot of common development tasks.
$name = '';
$surName = '';
$email = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$name = $_POST['name'];
$surName = $_POST['surName'];
$email = $_POST['email'];
$errors = array();
if ($name == '') { $errors[] = "Please type your name."; }
if ($surName == '') { $errors[] = "Please type your surname."; }
if (!checkEmail($email)) { $errors[] = "Wrong email format."; }
if (count($errors) == 0) {
// tip: use PDO or mysqli functions instead of mysql ones to bind variables.
// currently there is a risk of SQL injection here
mysql_query("INSERT INTO USR_INFO (NAME, MAIL, SURNAME)
VALUES ('$name', '$email','$surName') ") or die(mysql_error());
header('Location: thanks.php');
exit;
}
}
if (count($errors) > 0)
echo '<p>Sorry, there are problems with the information you have provided:</p>';
foreach($errors as $error)
echo '<p class="error">'.$error.'</p>';
echo '<form action="'.$_SERVER['PHP_SELF'].'" method="POST">
<label for="name">First Name</label>
<input type="text" name="name" id="name" value="'.htmlspecialchars($name).'" />
<span class="required">*</span>
<label for="surName">Last Name</label>
<input type="text" name="surName" id="surName" value="'.htmlspecialchars($surName).'" />
<span class="required">*</span>
<label for="email">E-mail</label>
<input type="email" id="email" name="email" placeholder="example#domain.com" value="'.htmlspecialchars($email).'" />
<span class="required">*</span>
<input type="submit" name="submit" id="submit">
</form>';
I have this form:
<form action="../index_success.php" method="post" id="sendEmail" class="email">
<h3 class="register2">Newsletter Signup:</h3>
<ul class="forms email">
<li class="name">
<label for="yourName">Name: </label>
<input type="text" name="yourName" class="info" id="yourName" value="<?php echo $_POST['yourName']; ?>" /><br />
</li>
<li class="city"><label for="yourCity">City: </label>
<input type="text" name="yourCity" class="info" id="yourCity" value="<?php echo $_POST['yourCity']; ?>" /><br />
</li>
//This is where I need help with the check box code
<li class="classes"><label for="classInterest">Interested in classes?: </label>
<input type="checkbox" name="classInterest" class="info" id="classInterest" value="Yes" /><br />
</li>
<li class="email">
<label for="emailFrom">Email: </label>
<input type="text" name="emailFrom" class="info" id="emailFrom" value="<?php echo $_POST['emailFrom']; ?>" />
<?php if(isset($emailFromError)) echo '<span class="error">'.$emailFromError.'</span>';
?>
</li>
<li class="buttons email">
<button type="submit" id="submit">Send</button>
<input type="hidden" name="submitted" id="submitted" value="true" />
</li>
</ul>
</form>
This is emailed to a user. I don't know how to add the check box above so the user sees a "yes" if the box is checked:
<?php
$mailTo = 'xxx#xxx.com'; // This is the hardcoded Recipient Address
$mailSubject = 'Subject'; // This is the hardcoded Subject
$mailFrom = $_POST['emailFrom'];
$yourName = $_POST['yourName'];
$yourCity = $_POST['yourCity'];
$classInterest = $_POST['classInterest']; //This is the code for the checkbox
$mailHeader = "From: {$mailFrom}";
$mailBody = "Name = {$yourName} City = {$yourCity} Class interest = {$classInterest}";
mail( $mailTo , $mailSubject , $mailBody , $mailHeader );
Basically, what I need is (psudocode):
if ($classInterest == "yes") {
$classInterest = "Interested in Classes in ".$yourCity;
}
else {
...
}
Try this:
$classInterest = (isset($_POST['classInterest']) && $_POST['classInterest'] == 'Yes') ? "Interested in Classes in " . $yourCity : '';
EDIT
http://blog.gerv.net/2006/10/firefox_reload_behaviour/ read the article and first comment by Jason
I have a working registration and login system. I am trying to create a form where a user can add product registration info (via mysql update). I can't seem to get the db to actually update the fields. What am I missing here?!?
<?php
define('INCLUDE_CHECK',true);
require 'connect.php';
require 'functions.php';
// Those two files can be included only if INCLUDE_CHECK is defined
session_name('tzLogin');
// Starting the session
session_set_cookie_params(2*7*24*60*60);
// Making the cookie live for 2 weeks
session_start();
if($_SESSION['id'] && !isset($_COOKIE['tzRemember']) && !$_SESSION['rememberMe'])
{
// If you are logged in, but you don't have the tzRemember cookie (browser restart)
// and you have not checked the rememberMe checkbox:
$_SESSION = array();
session_destroy();
// Destroy the session
}
if(isset($_GET['logoff']))
{
$_SESSION = array();
session_destroy();
header("Location: index_login3.php");
exit;
}
if($_POST['submit']=='Login')
{
// Checking whether the Login form has been submitted
$err = array();
// Will hold our errors
if(!$_POST['username'] || !$_POST['password'])
$err[] = 'All the fields must be filled in!';
if(!count($err))
{
$_POST['username'] = mysql_real_escape_string($_POST['username']);
$_POST['password'] = mysql_real_escape_string($_POST['password']);
$_POST['rememberMe'] = (int)$_POST['rememberMe'];
// Escaping all input data
$row = mysql_fetch_assoc(mysql_query("SELECT * FROM electrix_users WHERE usr='{$_POST['username']}' AND pass='".md5($_POST['password'])."'"));
if($row['usr'])
{
// If everything is OK login
$_SESSION['usr']=$row['usr'];
$_SESSION['id'] = $row['id'];
$_SESSION['email'] = $row['email'];
$_SESSION['first'] = $row['first'];
$_SESSION['last'] = $row['last'];
$_SESSION['address1'] = $row['address1'];
$_SESSION['address2'] = $row['address2'];
$_SESSION['city'] = $row['city'];
$_SESSION['state'] = $row['state'];
$_SESSION['zip'] = $row['zip'];
$_SESSION['country'] = $row['country'];
$_SESSION['product1'] = $row['product1'];
$_SESSION['serial1'] = $row['serial1'];
$_SESSION['product2'] = $row['product2'];
$_SESSION['serial2'] = $row['serial2'];
$_SESSION['product3'] = $row['product3'];
$_SESSION['serial3'] = $row['serial3'];
$_SESSION['rememberMe'] = $_POST['rememberMe'];
// Store some data in the session
setcookie('tzRemember',$_POST['rememberMe']);
}
else $err[]='Wrong username and/or password!';
}
if($err)
$_SESSION['msg']['login-err'] = implode('<br />',$err);
// Save the error messages in the session
header("Location: index_login3.php");
exit;
}
else if($_POST['submit']=='Register')
{
// If the Register form has been submitted
$err = array();
if(strlen($_POST['username'])<4 || strlen($_POST['username'])>32)
{
$err[]='Your username must be between 3 and 32 characters!';
}
if(preg_match('/[^a-z0-9\-\_\.]+/i',$_POST['username']))
{
$err[]='Your username contains invalid characters!';
}
if(!checkEmail($_POST['email']))
{
$err[]='Your email is not valid!';
}
if(!count($err))
{
// If there are no errors
$pass = substr(md5($_SERVER['REMOTE_ADDR'].microtime().rand(1,100000)),0,6);
// Generate a random password
$_POST['email'] = mysql_real_escape_string($_POST['email']);
$_POST['username'] = mysql_real_escape_string($_POST['username']);
$_POST['first'] = mysql_real_escape_string($_POST['first']);
$_POST['last'] = mysql_real_escape_string($_POST['last']);
$_POST['address1'] = mysql_real_escape_string($_POST['address1']);
$_POST['address2'] = mysql_real_escape_string($_POST['address2']);
$_POST['city'] = mysql_real_escape_string($_POST['city']);
$_POST['state'] = mysql_real_escape_string($_POST['state']);
$_POST['zip'] = mysql_real_escape_string($_POST['zip']);
$_POST['country'] = mysql_real_escape_string($_POST['country']);
// Escape the input data
mysql_query(" INSERT INTO electrix_users(usr,pass,email,first,last,address1,address2,city,state,zip,country,regIP,dt)
VALUES(
'".$_POST['username']."',
'".md5($pass)."',
'".$_POST['email']."',
'".$_POST['first']."',
'".$_POST['last']."',
'".$_POST['address1']."',
'".$_POST['address2']."',
'".$_POST['city']."',
'".$_POST['state']."',
'".$_POST['zip']."',
'".$_POST['country']."',
'".$_SERVER['REMOTE_ADDR']."',
NOW()
)");
if(mysql_affected_rows($link)==1)
{
send_mail( 'noreply#electrixpro.com',
$_POST['email'],
'Your New Electrix User Password',
'Thank you for registering at www.electrixpro.com. Your password is: '.$pass);
$_SESSION['msg']['reg-success']='We sent you an email with your new password!';
}
else $err[]='This username is already taken!';
}
if(count($err))
{
$_SESSION['msg']['reg-err'] = implode('<br />',$err);
}
header("Location: index_login3.php");
exit;
}
if($_POST['submit']=='Update')
{
{
mysql_query(" UPDATE electrix_users(product1,serial1,product2,serial2,product3,serial3) WHERE usr='{$_POST['username']}'
VALUES(
'".$_POST['product1']."',
'".$_POST['serial1']."',
'".$_POST['product2']."',
'".$_POST['serial2']."',
'".$_POST['product3']."',
'".$_POST['serial3']."',
)");
if(mysql_affected_rows($link)==1)
{
$_SESSION['msg']['upd-success']='Thank you for registering your Electrix product';
}
else $err[]='So Sad!';
}
if(count($err))
{
$_SESSION['msg']['upd-err'] = implode('<br />',$err);
}
header("Location: index_login3.php");
exit;
}
if($_SESSION['msg'])
{
// The script below shows the sliding panel on page load
$script = '
<script type="text/javascript">
$(function(){
$("div#panel").show();
$("#toggle a").toggle();
});
</script>';
}
?>
Here are the forms:
<!-- Panel -->
<div id="toppanel">
<div id="panel">
<div class="content clearfix">
<div class="left">
<h1>My Electrix Account </h1>
<p class="grey">View and edit your contact information and product registrations</p>
</div>
<?php
if(!$_SESSION['id']):
?>
<div class="left">
<!-- Login Form -->
<form class="clearfix" action="" method="post">
<h1>Member Login</h1>
<?php
if($_SESSION['msg']['login-err'])
{
echo '<div class="err">'.$_SESSION['msg']['login-err'].'</div>';
unset($_SESSION['msg']['login-err']);
}
?>
<label class="grey" for="username">Username:</label>
<input class="field" type="text" name="username" id="username" value="" size="23" />
<label class="grey" for="password">Password:</label>
<input class="field" type="password" name="password" id="password" size="23" />
<label><input name="rememberMe" id="rememberMe" type="checkbox" checked="checked" value="1" /> Remember me</label>
<div class="clear"></div>
<input type="submit" name="submit" value="Login" class="bt_login" />
</form>
</div>
<div class="left right">
<!-- Register Form -->
<form action="" method="post">
<h1>Not a member yet? Sign Up!</h1>
<?php
if($_SESSION['msg']['reg-err'])
{
echo '<div class="err">'.$_SESSION['msg']['reg-err'].'</div>';
unset($_SESSION['msg']['reg-err']);
}
if($_SESSION['msg']['reg-success'])
{
echo '<div class="success">'.$_SESSION['msg']['reg-success'].'</div>';
unset($_SESSION['msg']['reg-success']);
}
?>
<label class="grey" for="username">Username*:</label>
<input class="field" type="text" name="username" id="username" value="" size="23" />
<label class="grey" for="email">Email*:</label>
<input class="field" type="text" name="email" id="email" size="23" />
<label class="grey" for="first">First Name:</label>
<input class="field" type="text" name="first" id="first" size="23" />
<label class="grey" for="last">Last Name:</label>
<input class="field" type="text" name="last" id="last" size="23" />
<label class="grey" for="address1">Address line 1:</label>
<input class="field" type="text" name="address1" id="address1" size="23" />
<label class="grey" for="address2">Address line 2:</label>
<input class="field" type="text" name="address2" id="address2" size="23" />
<label class="grey" for="city">City:</label>
<input class="field" type="text" name="city" id="city" size="23" />
<label class="grey" for="state">State/Province:</label>
<input class="field" type="text" name="state" id="state" size="23" />
<label class="grey" for="zip">Zip/Postal Code:</label>
<input class="field" type="text" name="zip" id="zip" size="23" />
<label class="grey" for="country">Country:</label>
<input class="field" type="text" name="country" id="country" size="23" />
<p>
<label>A password will be e-mailed to you.</label>
<input type="submit" name="submit" value="Register" class="bt_register" />
</p>
</form>
</div>
<?php
else:
?>
<div class="left">
<h1>User Information</h1>
<p>
<?php echo $_SESSION['first']; ?>
<?php echo $_SESSION['last']; ?><br />
<?php echo $_SESSION['address1']; ?>
<?php echo $_SESSION['address2']; ?><br />
<?php echo $_SESSION['city']; ?>,
<?php echo $_SESSION['state']; ?>
<?php echo $_SESSION['zip']; ?><br />
<?php echo $_SESSION['country']; ?>
</p>
<p>Email: <?php echo $_SESSION['email']; ?></p>
<p>Downloads</p>
Log off
</div>
<div class="left right">
<!-- Product Registration Form -->
<form class="clearfix" action="" method="post">
<h1>Product Registration</h1>
<?php
if($_SESSION['msg']['upd-err'])
{
echo '<div class="err">'.$_SESSION['msg']['upd-err'].'</div>';
unset($_SESSION['msg']['upd-err']);
}
if($_SESSION['msg']['upd-success'])
{
echo '<div class="success">'.$_SESSION['msg']['upd-success'].'</div>';
unset($_SESSION['msg']['upd-success']);
}
?>
<label class="grey" for="product1">Product 1:</label>
<input class="field" type="text" name="product1" id="product1" value="<?php echo $_SESSION['product1']; ?>" size="23" />
<label class="grey" for="serial1">Serial 1:</label>
<input class="field" type="text" name="serial1" id="serial1" value="<?php echo $_SESSION['serial1']; ?>" size="23" />
<label class="grey" for="product2">Product 2:</label>
<input class="field" type="text" name="product2" id="product2" value="<?php echo $_SESSION['product2']; ?>" size="23" />
<label class="grey" for="serial2">Serial 2:</label>
<input class="field" type="text" name="serial2" id="serial2" value="<?php echo $_SESSION['serial2']; ?>" size="23" />
<label class="grey" for="product3">Product 3:</label>
<input class="field" type="text" name="product3" id="product3" value="<?php echo $_SESSION['product3']; ?>" size="23" />
<label class="grey" for="serial3">Serial 3:</label>
<input class="field" type="text" name="serial3" id="serial3" value="<?php echo $_SESSION['serial3']; ?>" size="23" />
<div class="clear"></div>
<input type="submit" name="submit" value="Update" class="bt_login" />
</form>
</div>
<?php
endif;
?>
</div>
</div> <!-- /login -->
<!-- The tab on top -->
<div class="tab">
<ul class="login">
<li class="left"> </li>
<li>Hello <?php echo $_SESSION['usr'] ? $_SESSION['usr'] : 'Guest';?>!</li>
<li class="sep">|</li>
<li id="toggle">
<a id="open" class="open" href="#"><?php echo $_SESSION['id']?'Open Panel':'Log In | Register';?></a>
<a id="close" style="display: none;" class="close" href="#">Close Panel</a>
</li>
<li class="right"> </li>
</ul>
</div> <!-- / top -->
</div> <!--panel -->
Your update query is way off. You need to do it in the form of
UPDATE `tablename`
SET col1=`value`,col2=`val2`
WHERE wherecol=`whereval`
change your query and see if that helps.
your query should be
UPDATE electrix_users
SET
product1= $_POST['product1'],
serial1 = $_POST['serial1'],
product2 = $_POST['product2'],
serial2 = $_POST['serial2'],
product3 = $_POST['product3'],
serial3 = $_POST['serial3']
WHERE usr=$_POST['username']
However you should always clean for sql injection on any user entered data. I did not do this in the example as this is something you should do in your own way. This example is given to you as an example and does not prevent any kind of sql injection as it stands now.
ALWAYS DO WHAT YOU CAN TO PREVENT SQL INJECTION!